Select the Potential Solution

Article
10/05/2010

Applies To: Windows Server 2003 with SP1

Previous Sections in This Guide

At this stage in the design process, you have defined the scope of what you want to accomplish. Now you want to break the project into manageable chunks, chunks small enough to easily complete as you work toward the overall solution. This process of selecting a candidate for further design helps you to define your project so that you can set aside other solutions for a later time. Each MIIS 2003 implementation will be unique to your organization based on your vision and scope, business goals, team composition, and current environment.

In order to select one solution out of many possible candidates, you should create a strategy for weighing their value against the vision and scope of the effort, business goals and requirements, budget considerations, schedule, potential risks, and desired system state. Usually this step requires a thorough analysis of all the possible candidates and then a prioritization process. Use this process to select one candidate. Then after you design the system dataflow and plan the metaverse, you can account for future solutions because your design is scalable.

This section provides tips for deciding which design to pursue. The section ends with an example scenario (it uses a fictitious company, Fabrikam) so that you can see how the process works. The tables in the Fabrikam scenario provide one example of a method for determining which solution to select as your first implementation candidate.

Deciding on the Design

You can achieve your goals by using different methods. For example, you can use MIIS 2003, other processes, or both. In order to decide which design to pursue, separately evaluate each outcome, asking these questions:

What capabilities in MIIS 2003 can be used to solve the problem?
What additional processes need to be implemented to solve the problem?
How would the current state of your data affect the solution?
What is the timeline for completion?
What is the estimated cost in relation to business benefit?
What are the known risks to the organization when implementing this solution?

As you iterate through your candidate solutions, you might need to further investigate specific areas that could affect your decision. In review, you should do the following:

Assess the current security state in order to understand if data is accessible and which data is confidential.
Assess the current state of all data that you might use in the integration process. Assess your data to determine the likelihood of invalid data and the effort required to join data in order to produce the state you want.
Evaluate the impact on IT resources to determine changes in procedures, policies, and costs that all relate to enhancements of the infrastructure.
Evaluate the business benefit of each potential solution to determine how much of the goal it achieves.
Estimate the time required to deploy each potential solution. Consider other projects in your organization that might compete for priority and resources.
Evaluate each potential solution for how it can benefit the end user and administrative tasks. Compare these benefits to the business goal.
Assess the potential risks of each solution based on your findings from your assessment and evaluation above.

At the end of this process, you should determine how well the proposed solution meets the stated goals and requirements.

Example Scenario: Goals and Possible Solutions

In this example scenario, the company (Fabrikam) has three goals to achieve:

Create an aggregated view of Fabrikam employees from which all the data sources in Fabrikam can be managed.
When merging the common employee data into a single, logical view of the MIIS 2003 metaverse, Fabrikam maintains authority for objects and attributes for business rules.
In addition to maintaining attribute precedence, Fabrikam uses MIIS 2003 to populate distribution lists (DLs) in the Active Directory data source from the group membership data in the Fabrikam.com domain namespace.

The following list describes a sampling of candidate solutions for each Fabrikam goal:

Integrate HR data, contracted-labor data, and telephone data with Active Directory

Use MIIS 2003 to import data from these three data sources to create an aggregated view.
Use MIIS 2003 to provision new staff member objects to the telephone data source or remove inactive ones.

Maintain authority over a single, logical view of objects and attributes for business rules

Use MIIS 2003 to create and maintain the view for each specified business rule.
Use MIIS 2003 to establish object and attribute authority policies over synchronized data.
Implement a security policy that no processes outside the control of HR can update the HR database.

Populate and maintain distribution lists in the Active Directory data source by using group membership data from the Fabrikam.com domain namespace

Fabrikam uses the MIIS 2003 Group Creation and Provisioning walkthrough, which is available at https://go.microsoft.com/fwlink/?LinkId=18080, to do group creation and provisioning.

For example, the matrix in Table 2 summarizes how Fabrikam evaluates each possible solution, weighing it against the outcome they want.

Table 2 Solutions Matrix for Fabrikam Scenario

Outcome Wanted	Potential Solution	Scenarios That MIIS Addresses	Related Solutions	How Solution Affects Data	Timeline	Estimated Cost1	Risks2
Create an aggregated view of Fabrikam employees	1-Integrate HR, contracted labor, and Active Directory	Integration		Valid data likely	Finish by Q4	Within budget and resources	Manageable
Create an aggregated view of Fabrikam employees	2-Provision new staff member objects to the telephone data source or remove inactive ones	Integration and provisioning	Integration	Some valid, some invalid data. Updates not always reliable.	Finish by Q1	Within budget and resources	Manageable
Fabrikam maintains authority	1-Integrate HR, contracted labor, and Active Directory	Integration with precedence		Valid data likely	Finish by Q4	Within budget and resources	Manageable
Fabrikam maintains authority	3-Authority over telephone data source	Integration with precedence	Integration	Valid data likely except in the telephone data source	Cannot finish by Q4	Low cost but requires extra funds to scrub telephone data	Manageable
Fabrikam maintains authority	4-HR database security policy	Cannot use provisioning	Integration		Finish by Q4	Within budget	Manageable
Populate distribution lists	5-Distribution list population	Group Creation and Provisioning walkthrough		Valid data likely	Finish by Q4	Within budget and resources	Manageable

1 Estimated cost: effort/worker-days/infrastructure.

2 Risks: security/project completion.

Next, for the same Fabrikam scenario, Table 3 lists each potential solution in order to determine the implementation priority.

Note

As you fill out your own table from left to right, addressing each column for each potential solution, you refer to the analysis you recorded in the solution proposal to make the judgment. When the matrix is complete, your choice of a proposed solution becomes clearer.

Table 3 Priority of Potential Solutions for Fabrikam Scenario

Potential Solution	Meets Percentage of Goal	Implementation Rating	Importance to Organization	Selected Priority	Implementation Order
1-Integrate HR, contracted labor, and Active Directory	80%	Within ability	High	High	First
2-Provision to telephone data source	25%	Within ability but expands scope	Medium	Medium	Third
3-Authority over telephone data source	Non-goal	Within ability but expands scope	Low goal importance but good cost savings	Medium	Fourth
4-HR database security policy	100%	Within ability	High	High	Second 1
5-Distribution list population	100%	Within ability	High	High	Second

1 Solution 4 is not dependent on the other solutions; however, implementation is necessary for Solution 1.

Summary

Selecting your identity integration solution required you to do these tasks:

Plan and build a team consisting of a program manager and project architect who consult and negotiate with the data source stewards and data owners. You also secured the support of an executive sponsor and reviewed high-level deployment and operations responsibilities.
Define the structure of the project, which includes setting your communication standards, your documentation standards, and your change control standards for your team to use during the project.
Document your business goals for this project in order to narrows your focus and solidify project scope.
Assess the state of your IT infrastructure to help you plan your future deployment.
Create your project’s vision, which is based on your business goals.
Assess the risks of your project based on the current assessment compared to the vision statement.
Construct a solution proposal, which is a record of your assessments, investigations, and decisions for choosing the optimal scenario.

Outline of Your Solution Proposal

The solution proposal consists of the following:

A project charter that is approved by your executive sponsor.
A vision statement that is directly tied to the goals of the business.
A detailed analysis of your IT infrastructure.
Various identity integration and management scenarios that might even have solutions outside the scope of MIIS 2003.
A specific solution has been selected from a list of candidates so that you can begin dataflow design work.
A proof-of-concept analysis, which allows others to validate the effectiveness of your solution.

Next Steps to Complete Your Design

First, you need to have some form of agreement on the solution proposal. Agreement might mean obtaining formal signoff, or you might already have reached agreement during the investigation and decision process. Either way, the executive sponsor, the program manager, the project architect, your IT management including the security architect, and data owners should all be involved and in agreement.

Team building continues. As you progress through the system dataflow design and metaverse planning, you add new expertise to the team. Likewise, you later add the synchronization rules planner and rules extension builder.

Your system dataflow design uses the objects and attributes that you identified in your solution proposal to develop a logical design, which is then translated into a physical design when you plan the metaverse and synchronization rules.